 So I will talk about, thanks for inviting me, thanks for the opportunity to give this talk and the introduction. So I will talk about the Citizens' Commission of Election, which brought out its report earlier part of this year in 2021. And it brought out several reports, but I'll restrict in this talk only to electronic voting. So the Citizens' Commission of Election was formed just before the pandemic started around January, February of 2020. And the key person as whose base the Citizens' Commission was formed was Mr. M.J. Denosayan. And I can see that he is listening in. Thank you, sir. And I think that the commission did work for about over one and a half years. More than hundreds of calls went through volumes of depositions, did lots of research and were helped by a whole lot of other people. And it was headed by Justice Madan Lokur. It also had the advantage of having two constitutional judges in the commission who kept us in check. And the volume one dealt with the compliance and EVM and we prepared with the principles. The reason this was brought out was the unrest in the country with the speculations about possibilities of hacking and so on and so forth. The second part which dealt with many more topics, it dealt with electoral rules. That study was done by Mr. V. Ramani and Harsh Mandar with a little add in them by me. Money Power and Tribunalization was mostly researched by Anjali Haradbhach, a model called of conduct by Jagdeep Chokar and others, a role of media by Paranjali Murtakurthar, a role of ECI by Professor Sanjay Kumar. It also dealt with many other topics like linking Aadhar with the voters list, the disenfranchisement and so on and so forth. The two volumes is going to come out as a book edited by Mr. Devasaham and published by Paranjali Murtakurthar in the early part of the next year. So I essentially talk about volume one of this report. So the volume one was essentially based on depositions and depositions by these ladies and gentlemen. I think that the last series of depositions in which Ron Rivist, whose name was mentioned several times, and so this was based on depositions by these ladies and gentlemen, very large number of high quality depositions. And the computer science lot by Purvi Vora, I mean this was a joint deposition, Purvi corrected all of them from people who have worked in elections for now 30 years like Ron Rivist and Philip Bistark. And they were surprisingly aware of the Indian elections and all of them reposed and they were very, very valuable. And let me try to give out our findings. So first is why electronic voting and I think Shivam brought out this topic. A computer science, as Subodh mentioned, computer science has looked at electronic elections for 40 years and there are great protocols over many, many years. Traditionally in computer science is only because of efficiency. In fact, electronic electrons are not that efficient. But somehow in the Indian discourse, these two have got a little confused. Sometimes we talk about efficiency, sometimes we talk about correctness and sometimes we mistake that. So the democracy principles, I mean this is essentially a simplification of the representation of the People's Act. If you read the representation of the People's Act and the main wish list out of the representation of the People's Act. If you summarize in plain English and put out the legales, then this is what it will look like. So it should be transparent. A general public should be satisfied about that the voter recorded correctly. The voting process ought to be publicly audited. Ordinary citizens should be able to check their situation steps. That's a crucial thing. So no zero knowledge proofs as was already mentioned out there. The election process should not only be pre and fair, but should also be seen to be fair. It should create public trust and otherwise the whole purpose of electoral democracy gets defeated. The election commission should be in full control of the entire voting process. It should not be that they have, you know, the certain parts of the election is being conducted by methods and means which they are not aware of or not directly in control. And electronic processes that if they're to be used for voting at all, this was not a part of the representation of the People's Act. But this is a conventional system all around the world. They should be in sync with changing technologies and practices and be able to public audit and scrutiny. So that's that is designated attack. And when you come to electronic verifiability, the public verifiability essentially comes from two parts. There's an administrative verifiability. And administrative verifiability essentially is what ECI has largely put his efforts on, which is certification of equipment. There's an elaborate process by which equipment is certified. There's a trustworthiness of custody chain of election, pre and post election. There are strong rules. There are seals of variance kind. They're locking of unions, putting them in trunks, moving them around by tracking with GPS. You know, there's a variety of methods. They are well listed in the ECI webpage. The trustworthiness of the custody chain of VB Pat slips. So this is essentially based on seals and strong rules. So there's an assumption that the VB Pat, even if they're trustworthy right at the election, they remain trustworthy at the time of counting, which is someone not destroyed or new ones are not added. And these are standard conventional administrative processes that that take care of it. And VB Pat's are supposed to audit electronic elections. So this is a simple scheme that that we practice in India. The public verifiability part is largely missing, right? I mean, which is so both talked about a great length that, you know, what computer science is endeavors to give methods so that the public can directly verify that the votes are passed as intended recorded as passed and counted as recorded. So this part is largely missing and omitted in Indian elections. So what we found is that since this crucial steps are missing. So we've got computer science into public life but left its rigor behind. And that has created a little bit of a problem. There is a general public mistrust of the whole process and I think Shivam mentioned that he hasn't seen whether there's any evidence direct evidence of tampering. No, even the commission did not get any direct evidence of tampering. But the commission did get lots of report about indirect evidence. You know, the commission received depositions which means two lakh EVMs went missing. PCI had no control of them. Or EVMs landed up in the car, the car of a candidate. You know, so which means that money of the administrative verifiability processes have been violated. Now, whether that has influenced the election, it's not here, right? Some political parties say yes, some political parties say no. But this mistrust has not worked for them. And what are the easy ways to remove this mistrust? That's what we will try to explore a little bit. There is this recent talk about internet voting. Quite a bit, right? And this is almost impossible, as Subodh mentioned. I just quietly believed in computer science. You know, computer science has known this for a very, very long time. They're internet voting are a strict known. And I think there is a complete agreement with it. So in the computer science community, so that this has been talked about in the national scale in India is a little surprising. And this, as Subodh has already mentioned, but let me touch upon this is because of two essential problems. What is the secure platform problem? So you may own a cell phone or an app, but for a general voter for the even the expert voter like a computer scientist like Subodh, there is no way for him to know that his machine is not hacked or tampered. So that his machine or his cell phone will follow his instruction correctly and vote as he wanted. There is no way to guarantee that. That's called the secure platform problem. Right now, computer science cannot solve that. There's no way to give a guarantee that your cell phone will not get hacked. You know, one cell phone, maybe yes, but a public collection of cell phones will not get hacked. There's no such technique in computer science, whether such techniques will evolve in the next 20, 30 years. We hope it will, but we are unsure. But the second problem will never get solved how to make it coercion free. As long as the possibility I think Subodh tried to mention this that as long as the possibility of the wife coercing the husband to vote for her favorite political party. Internet voting is not possible. So if they don't come to the polling booth and vote from their bedroom, there's no way of knowing who is coercing. And that problem, no technology or social process can be solved. So that makes internet voting a strict no, no, it's an impossibility. And this has been realized for a very, very long time. It's not new for 15 years. This has been documented and Internet voting is any possibility. And US National Academy of Sciences, Engineering and Medicine jointly in 2018 recommended that elections can be only conducted in polling booths and that to using human readable paper ballots. Not using complicated electronic or cryptographic technology. And this is a 200 member committee that made this recommendation very recently into zero warning. And they were quite emphatic the report is available online and it's quite an emphatic report out there. And this roughly followed the recommendation of a German constitutional court which came out in 2009 with a recommendation with almost banned electronic voting in Germany. So this though this is not the German constitutional court ruling is not applicable in other jurisdiction like United States, England, Ireland, France and so on so forth. But most countries have ordered this. And then explain why the most countries have abided by this judgment and have not have gone moved away from electronic voting completely. So let's now look at only an EVM only solution. Let's try to see that why the German constitutional court gave this ruling and let's talk about an EVM only solution and assume for the time being there is no will be PR no will be back associated with the process. So votes are recorded electronic by press of a button. And it gets recorded somewhere inside electronically and there's no way for the voter to know what has been recorded. So I pressed one and the machine recorded to know and it tells me that I've recorded one. There's no way for a voter to verify what is not recorded. And this is this violates almost all principles of voting. So there is no way for a voter to provide a guarantee to a voter that the vote is cast as intended. There's no way to resolve a dispute. If the if the voter says that look my vote was not recorded correctly. There is no way the election authority can convince the waiter that is not the case because it has just gone inside and incremented some counter by one. And you only have an aggregate vote. So we have lost all ways to resolve a dispute. And as would mention not having dispute resolution is not good for voter confidence. That's that's a that's a that's a typical problem. And also there is no way to establish that a system as complicated as an EVM is correct. It is known to be theoretically a very hard problem, almost an impossible problem. And this was proved mathematically by Rebecca Mercury in 1992 that the correctness is impossible to note. I must also add that the incorrectness is also impossible to prove that the machine is incorrect is also impossible. So in general to make a statement that this machine will always function correctly. You know, statements of the type that ECI is routinely making every day in in in national press. There is a theorem to say that that's a statement of no way. And the theorem is due to Mercury. So she's the one who recommended baby pads in 1992. So she said that one easy way to solve this problem. If done correctly is to have a voter verified paper audit rate and which has become routine in most elections. And it is in general, hence it is impossible to predict whether a machine like this can ever reach a state that will violate democracy principles. So the machine can potentially as complicated as an EVM can potentially line in very, very large number of states and it's impossible to examine all of them to figure out that whether one of them is a hacked state or not. So that's so that's that's not possible. So it is impossible to say whether an EVM can be hacked or not. That an EVM has not been hacked is no guarantee that it cannot be. If it is hacked, it is hacked till it is hacked and nobody can make any statement about the hackability of it. Testing of a system such as an EVM can never constitute. You can only test a finite kind of behaviors you can test for functioning, but you can never test for correctness. You can say that the most common use cases, the machine is behaving correctly. But you can never test for the infinitely many uncommon use cases that can fall. So in computer science, we have got a maxim that testing never considered. So you can never certify your machine to be correct by testing. That's that's not possible. And theoretically, one can never test for all possibilities. So in particular, a hacked system can easily be made to behave correctly under test conditions. That's not a problem at all. And I think that many people in the depositions appointed this out. At least six or seven depositions appointed this out. So these issues like this claims that one time program program ability quality assurance testing we have done all this and hence we are correct. They don't pass most. They are their statements of dubious quality. And none of cost is intended to go to discuss and come to this reporter possible. And it is the owners should be on the ECI to demonstrate correctness, not on others to show that it can be hacked. So this public challenge like Coven hack. They are, you know, the little bit of a circus. They don't make any sense really. And I think that citizens commissions of report has come down very strongly on such such practices elections commit. His job is not to throw hackathon, but to convince the public at large that the system and the process that they have designed with or without electronics is correct. So the ruling of the German constitutional court says this. And the main point is that because an EBM to the black box, there's no way to know what is going on inside. So the user voting machines which electronically record a voters vote and ascertain the election results meet constitutional guarantees only if the essential steps of voting and their certain mental result can be examined reliably without any specialist knowledge of the system. So German constitutional court is quite clear that computer scientists I like so both and or the election permissions technical expert committee have no local standing they should not be trusted. They are untrustworthy and just on their certification and election cannot be declared correct. In a public election has a right to claim expertise to declare election correct. So this has to be verifiably correct and and without any specialist knowledge. So an expert has no role in the inner conduct of an election. And this was a very, very compelling judgment and most of the world has divided by not so not so in India. The constitutional court also said that the legislation is not prevented from using electronic motion voting machine is the possibility of reliable examination of correctness, which is constitutionally priced prescribed the safeguarded. So it suggested that you may use a complementary examination system, perhaps we'll be back. The votes are recorded in another way behind beyond electronic, beside electronic storage in India. Mr. Subramaniam Swami bought this German for find a public interest litigation in the Supreme Court and relying mostly on this German constitutional court judgment and he got a favorable ruling from the Supreme Court as a result of which Election Commissioner of India was asked to introduce baby pack and not use EVM only solutions. So since 2011-2012 they're about we are using baby packs in our elections and mostly because of this ruling by the German constitution before. So we need baby packs, right? And this was recommended by Mercury way back in 1992. She almost thought in her PhD thesis that without baby pack there is no real way to do an election. Must say that she was, she had foresight. So what was the, what is the conventional wisdom? The conventional wisdom is that there is a definite need to move away from certifying voting equipment from a certification process to establishing that the outcome is correct. Even if you're using wrong machines, even if you're using uncertified machines, it does not matter as long as you've been sure that there is no, you know, that your outcome has no problem. And this is the way to conduct trustworthy elections. And I think the German Supreme Court made this observation. The US National Science Academy has made this observation and Rebecca Mercury made this observation way back in 1992. That you can never conduct an election correctly by certifying voting equipment. That's a strict no-no. Instead concentrate on establishing that your election is correct, independent of the voting equipment. There are two ways to lose. The first way has been examined in computer science for now 40 years, which is end to end verifiable cryptographically secure voting protocol. These are many of them are extremely sound. Some Sumod has presented. We believe we have one from IIT Delhi, which is completely correct, takes care of everything. But they are difficult to deploy in public life because of the good to publish papers with great academic brownie points. But deploying them in public and throwing them at public at large is a little bit of a problematic issue. Because of the ruling of the German Constitutional Court, it will require experts to certify correctness, mathematicians to certify correctness. And why an electorate should trust mathematics is not clear. In fact, clear that they should not trust mathematics. So worldwide cryptographic voting systems are not popular. It's not because they're incorrect, but it is because that generating trust in them requires certification by experts. But ECI should still obviously explore the possibilities. I believe that if not today, tomorrow, this is the route to doing elections correctly because you can give mathematical guarantees that elections can be conducted completely correctly. Without any risk whatsoever. The second way to do this, if the first is not a possibility and this appears to be not a possibility today, is to do post-election risk limiting audits using VVPACs. Yet you have got a VVPAC system that you have recorded votes using VVPACs. Use those VVPACs to do a risk limiting audit. How to do this is completely worked out in this great paper called Evidence for Selection by Stark and Wigner. Stark submitted a deposition to the Citizens' Commission of Election as well. He's a professor of statistics at Berkeley. And he gave this elaborate statistical procedure about how to do the audit. And we will discuss some of that. So what are the essential requirements? And essential requirements are then software independence. So it's supposed to respond. And this essentially means that if there is an undetected change in software or hardware, that should not cause an undetectable change in the election. So even if the machine malfunctions, it should be possible to detect that the malfunctioning has happened. That's called software independence. This does not mean that you cannot use software or hardware. But a malfunction in the software should not become undetectable. So that's what we call software independence in computer science. And the second property is dispute resolution. That it cleared that anybody challenges. So both challenges that my vote was not recorded correctly. That must result in either the challenger or the election authority being proved wrong. So there has to be a clear determination about it one way or the other. If there is no dispute resolution, there's no voter confidence in the process. Now dispute resolution cannot be done in a direct electronic recording machine. You know, between a man in a secret transaction between a man and a machine, there is no way of determining who is lying. If I press one in the machine side, you press two. Now that's an event that has happened without any witness and it's obvious common sense that there's no way to, you know, conclusive determine who is right, who is wrong. Between two human beings in private also there is no way. But there are traditional methods like feast fights and so on so forth. But you can't even fight with the machine. So the only solution is then be fair to the voter. You cannot possibly be fair to a machine. That doesn't make sense. If you cannot do dispute resolution electronic machine, then as many of our people who have deposed to the commission have said, that the only sensible solution is to be fair to the voter. So what are the VVPAT requirements? This is required by law in most jurisdictions, including in India. If you conduct electronic elections and VVPAT are immersed. But the Indian VVPAT system in our examination we found that has some lack of name. There is no clear definition in which is the vote. So the representation of the people's act of the ballot papers. The EVM somehow has only has not even made a proper appearance in their representation of the people's act. So there's a big problem and now if you're running two pilot elections, one with water verified paper audit trail and one is the electronic vote. Then which is the vote because they're not in one to one correspondence. So they're not demonstratively in one to one correspondence. In which case, which is the one that should be counted. That's a lack of name that is there in the Indian election system. Indian election system, the representation of the people's act says that a paper one should be done. But India seems to be counting the electronic one. And that is vote a theoretical, political, constitutional, animal. Second is the voter should have a full agency to cancel a vote. If not satisfied, right? And this process should be simple and should not require the voter to interact with anybody. But the Indian VVPAT system is not truly voter verified. It's not truly voter verified because the following reason that if you press a button. So suppose you vote for a political party A. And suppose the VVPAT slip prints political party B. There's no way for the voter to cancel the vote. Because the voter verified paper audit slip does not come to the voters hand. There is no physical process of casting the vote. So it gets displayed behind a glass window for seven seconds. And then gets detached and falls in a sack and becomes indistinguishable. So if that point of voters is a dispute that look I pressed my preference for political party A and the VVPAT slip printed political party B. Then there is no way to resolve that dispute. And there is Indian Indian election system. There is an incredible report of such disputes. And there's also a 5000 rupees fine if the voter cannot prove that she's being truthful. Now that is that is a travesty of justice. And as a result, you know, depositions makes her the story that even a police officer, that police officer claims that he's scared to dispute. That, you know, how will I, how will I ever prove that, that I'm right. Now look that if the polling officer comes in and does a more full next time that the whole happened correct. Does not mean that the previous complaint was incorrect. That's incorrect logic. So, so the voter verified paper audit trail is not truly voter verified. So this needs to be corrected. And the only way this needs to be corrected can be corrected is the voter verified paper audit trail is something that comes to the voters hand the voter checks it. And to complete the voting process manually puts it in box. Right. That's that's the notion of a casting, in which case the paper should be the true vote, the correct vote, the electronic one is only a proxy. And this needs to be correctly reflected and in an amendment in the representation of people's act and this is a recommendation. This is one of the recommendations of the commission that this is too much of a undefined undefined status. This does not make sense. This needs to be immediately corrected in future elections. So we'll be back requirements of the we'll be back maybe trustworthy during voting. Suppose it comes to the voters hand and the voter puts it in the box, then it's definitely trustworthy during the voting. It captures the voters instant. But how do you know that remain trustworthy during audit. There's an intervening period in the last constitution parliamentary constitutional election, the three months or two months gap between voting and content. And this requires compliance audits. You know, to start can Wagner do this an elaborate process by which this compliance audit can happen to ensure that their trustworthiness in statistical processes, which I will not describe okay. The next question about which there are about I believe there are some 20 or 30 cases pending right now in Supreme Court of India, which is how many of them should be audited. The EBM captures about 2000 votes a polling booth is about 2000 votes. So, assembly constituency typically has about three hundred. So, a parliamentary constituency about 10,000 million. So how many of those EBMs should be audited with full manual paper counting. And this is a dispute. So those, what should be done if an EBM count does not match the baby background. Declare the election for the entire population null and void and do a reelection or discard the electronic votes and do a paper count for the entire constituency. So these are not adequately defined in the election commissions of India's procedure. And this is this is a big problem. This is an audit, fine, the audit, but if the audit fails. So if you find that by electronic count party A has won, but by manual baby pat count party B has won in a polling booth. Right. Then what can you conclude about the entire constituency. And what should you do. You know that the electronic count is not wishing to pass in the paper count. Now which should you trust paper electronics. The answer is electronics and this is a hugely problematic. This is a hugely problematic situation, because of reasons that I'll try to, but anyway, this first is that this process is not defined completely. So this requires making amendments in the representation of people's act and making this completely clear what what this, what should be done in case of a mismatch. Okay, so the risk limiting audit process goes. The other thing I want to mention out here is that we asked requested the X election commissioners to divorce. The last 10 chief election commissioners to divorce to a committee only one of them did Mr. Mr. We also asked the technical committee of the election commission of India to divorce for the commission there. We got no reply. But from private conversations we heard that the reason that the baby packs lips cannot be counted is that it takes too much time. Right. And almost all the people that we talked to like Shivam Shankar Singh who made a presentation thought that time should not be an issue. You're, you're electing your representative, your prime minister will do you for the next five years. And how does two more days matter to count all baby pack slips. And also, there are technologies to count baby packs if there are no counting machines in the banks, you know, IIT Delhi can design a mechanical baby pack slip counting machine, which can just count 2000 baby pack slips in matter of one second, you know, it'll go problem. So, you know, if no counting machines can be designed, why can't baby pack counting machines not be designed. And if you count by a mechanical process standalone process, and if that tallies with electronic process, you know, things are all right. So not counting the baby pack slips, there is a commission found no convincing reason that why the entire set of baby pack slips should not be counted. It appeared to the commission that's an easy thing to do. It should not even take too much time. Even if done manually and there is no need to do it manually there are there are no counting back machines that you can go to every bank. Such a thing can be designed. And there are many, many companies and education institutions and IIT is India that can effortlessly design such a such a counting machine, so mechanical counting machine. So, again, the response that this will make it inefficient does not pass my story. But if you want to do a statistical sampling only and not count the entire Indian, I think that we should count all baby packs. But if you don't want to count all baby packs, then this question assumes that how many baby packs should how many of you should be audited by full baby pack counting. And the answer in statistics comes from this distribution called a hyper geometry distribution. So you don't have to understand it but this essentially tells you. Defines the probability of finding a defective item in in draw in a population of capital and which may have capital K defective objects. So if you know that there are 1% faulty television sets, 1% television sets are faulty. Then how many should you sample in a population of 1000 how many television sets should you examine closely to determine say 540 sets. This is given by the hyper geometry distribution. This is routine in engineering. This is taught to secondary students in statistics and every component engineering component is audited. You cannot probably test every possible car that you are manufacturing. You select a small sample based on a statistical sample given by the hyper geometric distribution, put them to rigorous test. If you pass the test, you will declare that the whole lot is correct statistically with a very high probability. This is the way you sell televisions. This is the way you sell cars. This is the way you sell cell phones and computers. No company has the way with all to test every iPhone that they have manufactured. That's not possible. It comes out of the factory with a standard process. You check a small statistical sample and declare the whole lot correct with a high confidence. Now, if you do that process, this is from an IS officer called Ashok Varadanshakti. He didn't depose to our commission, but he wrote an article in the Hindu business line before the commission came out and the commission took some of the cognizance of his article. His statistics were impeccable and it matched Professor Philip Stark's recommendation exactly. They gave exactly the same process. And what it says is that, suppose 1% EVM are hacked or whatever, right? To detect at least 1% EVM with 99% probability, how many EVM should you sell? So it turns out that if your population is, what is this? How many zeros? This is 1 crore. Of course, there are 7 zeros. They can't even read. So if you take, but it does not matter, if it is 1 crore and if it is 1% faulty EVM sampling 459, EVM will get 1 faulty EVM with 99% certainty. And if you add 1 more zero, the number doesn't change. It remains 459. For 1 lakh EVM, it is 458. You have to sample only one less EVM. So the Election Commission of India went to the Supreme Court and said that one per assembly constituency is enough. And they were backed by some top-class statistician from India of very high repute who filed affidavits in the Supreme Court in support of HCI's claim. And they presumably went by this plot and they said that if you take a parliamentary constituency, or if you take the whole country as a whole with 1.2 billion population that's somewhere out there, or if you deploy so many EVMs, then collecting only about 400 EVMs is statistically auditing only about 400 EVMs is sufficient for the entire population. But the problem is that what should be the population? An assembly constituency has about 30 to 300 EVMs. A parliamentary constituency has about 300 to 18,000 EVMs. A state as a whole, depending on how large the state is, about 10,000 EVMs. And India has a whole that has about 10 lakh EVMs. In a parliamentary election, India as a whole deploys 10 lakh EVMs. So if you consider the entire India as a population and say that 459 EVMs are sufficient, you are assuming a homogeneity across the entire country. You're assuming that your election subversion strategy in Kerala is exactly the same as the election subversion strategy in West Bengal is exactly the same as the election subversion strategy in Kashmir. But election results are declared in much smaller units. So if you go to a one assembly constituency and say that there are only 300 EVMs there, then you're in this zone. Then the curve shows that you will require to audit about 50% of EVMs. If you are in a larger parliamentary constituency which has got about 1,000 EVMs, then you have to, for the same certainty, you have to do about 40% EVM, 36.8% EVM needs to be statistically audited. So this claim that you need to, so ultimately the Supreme Court ruled that neither this way nor that way. Audit only five EVMs per assembly constituency and that's the current practice. Now that has no statistical or logical basis. And what shows in assembly constituency is typically of 1,000 EVM. Then this detection should require at least 268 EVMs to be audited. If you want to manually count, if you don't want to do a full VVPAT count but only do a statistical count, then you have to pick up 368 EVMs from this and do accounting. So this is elementary, any secondary engineering student should tell you and Supreme Court should have used better judgment than to come up with a dictum and say that five EVMs per assembly constituency is sufficient. That doesn't seem to have any statistical basis. And in fact, now, as another deposition, this is probably by Professor Starr. He drew this table to show that if misreporting EVMs in a Luxembourg constituency at 25%, then the Supreme Court's dictum will capture it with a virtual certainty. But if the misreporting EVM in a Luxembourg constituency is only one person, then you will detect it with only a probability one-third and you will miss it if the probability two-third. Now that is not good statistics from Supreme Court of India. And this is something that the Commission very strongly objected to. So I think that, you know, blockchains, let me see if I have the time for blockchains. Perhaps not, I think that Subod has talked about blockchains already. I will just mention by saying that blockchain is a thing that the Commission also investigated and the Commission's report we have published in India for a article. And there is adequate, you know, the conventional wisdom in computer science says that a blockchain-based election does not make any sense. A blockchain is a process that goes with distributed consensus. And when there is only one authority, the conclusion of a distributed consensus does not arise. So the US Academy of Sciences report has also cautioned against blockchain and saying that it's a hype that should be completely ignored and this can have disastrous consequences for elections. The Citizens' Commission of Election also makes the same recommendation. And I will not discuss this in great detail out there. So in a summary, it is well known that it is impossible to verify an electronic system as complicated as the Indian. So VVPATs are a must. If you use a VVPAT then define which is the vote. The VVPAT is the vote of the electronic button presses the vote correctly. And what should you do if they don't mismatch? Leaving that undefined is not good for democracy. The VVPAT system should be voter-verified, not having the VVPAT system voted. It's called voter-verified paper audit trail. So not having it voter-verified is a fundamental flaw. EVM voted by crossing in with manual VVPAT. The commission did not understand that why 100% VVPAT counting should not be done. It seemed easy. But if you have to do a statistical audit, follow well-established statistical procedures. Don't arbitrarily declare by EVM should be audited with constituency. And blockchain really does not address a very favorable problem. Either for electoral processes or for polling. Yes, so I'll stop here and leave the questions I'll try to take. Thank you. Thank you, Professor. Very enlightening, very clear presentation on the difficulties in designing these systems. And what you said about machine readability of the VVPATs, etc. makes perfect sense, why should it not be possible. So one question that comes to mind is that why the EVM should not record the vote rather than keep account of the votes. It can electronically, digitally record the votes in a random order in a stack. And the automatic reading of the VVPAT should be part of the transport of the slip itself into the vote. So as you see it going in, it should be read by the device, tell it against the vote which is digitally recorded and then allowed to drop into the vote. This way, you will get votes in the vote that exactly match the recorded votes and you can recount both anytime you wish. Of course, you will not have one-to-one correspondence between the slip and the electronic version. Can we do something like that? There are two problems, one is that just the VVPAT matches the EVM does not give you a guarantee that the election was gone correctly. They just show that they both match. Why can't I delete five votes from both or add five votes into both for my favour of my political party? That's one. The second thing is that the reason the Indian EVM does not record identical votes but just records an aggregate cumulative count is because nobody can guarantee that the EVM will maintain secrecy. The EVM leaking vote information is something that probably are just that the ACI designers did not want to take. But indeed, the system that we have proposed, the cryptographic system, the EVM keeps a full record. But EVM keeps a completely encrypted record. In fact, you know, it is in computer science, almost all designs except two or three gives the vote secret from the EVM. EVM getting to know the vote is an extremely problematic thing. You know, so I like Shivam Shankar Singh made a statement that an EVM is reasonably safe if it is not connected. There can be no electronic equipment that is not connected. You are interacting with the environment through heat, through sound, through light. So there are hundreds of channels. It is impossible to know that the electronic equipment is not shouting out in an unaudible band. That's what has just voted for BGP for example. And this can be communicated out. You don't need an internet for this. You can do it in the infrared band or ultrasound band. And I can hide an antenna in an electronic device that you cannot recognize even if you open it. There is that famous case of radiating antenna which is not even electrically transmitted. So I think that this is a false conception that a machine is not connected. A machine, if it is not connected, it does not exist like a human being is connected to other human beings. Otherwise your machine is not breathing. So machine getting to know the vote is a very big risk. And this risk is mitigated in Indian election by machine just keeping account. But if the machine maintains a record which is in one-to-one corresponding with a VB pad, then the risk increases many times. I think that the electronic, if you want to go that route, if you want to take that route, then you have to keep the vote secret from the EVM. And the best election is conducted if the EVM is a public machine. You take public laptops. In USA elections are conducted using public laptops. You take them from schools and conduct an election. That's where there's the least chance of happening. So you don't require the correctness of the machine to conduct an election correctly. You should be able to conduct on the polling officer's cell phone and using just an app. And those will be the perfectly corrected. And that's what computer science has been advocating for a very long time. So how the Indian election system has not gone in that direction. Thank you. Thanks. There is one interesting question from Mr. Bharwa. A comment, rather, that in the 60s and 80s people trusted the elections. Though there was no good capture in such other problems. Whereas today we have mistrust with the EVMs and other things. So what is this? What's the reason? You know, I don't think that personally, this is something that we had a lot of debate in the citizens commission of election. I personally don't think there's any reason to trust a paper based election. That's a no way to establish the correctness of a paper based voting system. And I disagree that this was trusted. I remember my father will always complain. You know, I think that people like me who are brought in brought up in Bengal. Booth capturing is an art there. So people who did not support CPM complained for the last 40 years that they captured booths and manipulated elections. So I don't think that at least people in Bengal trusted paper based elections. No one should trust paper based elections. There are, there are dangerous things. So elections should be electronic. There's no doubt about it. Just because the paper was based election should not be trust. You know, the Indian VVPAT system is actually Indian EVM system is not bad. It is just that the VVPAT audit procedure is completely incorrect. Make that correct. It's a low hanging fruit and this becomes a good system. That's the recommendation of the citizens commission of election. Okay. There's a, there's a question addressed to both you and, and Professor Sharma. What do you think would be able to convey these concerns that you've articulated in a manner that the, you know, that the institution can take note of? You know, okay. So I don't have any official contact with the election commission of India. Clearly, there's no deficiency in this. Not, not just the election commission for the entire apparatus that is concerned with this. You know, I think that what is, you know, I obviously, you know, being a part author of the report have spent some time on his understandability. You know, even within the election commission of India, I don't think that there is any problem with understandability. They completely understand what we are trying to say. They want to act is a different. They want to act knowledge is a different matter altogether. So I think by enlarge people who have read the report, this is not that difficult to understand. This is sort of straightforward that if you are having a paper and electronic and they're not in one to one correspondence that you need to define which one is the vote. It's a simple English statement. Which one should you count if paper is the wood, then why are you counting the electronic. And if electronic is the wood, then how is the paper auditing. At least these processes should be made clear. Perhaps what Mr. Sankarshan is trying to do is to make the system listen, you know, and understand, rather than, you know, making the system, making the system listen is something that, you know, we I try to leave it to Mr. Sankarshan and justice more than look. White papers and hope that, you know, release as many white papers as possible keep the discussion in active memory and hope that, you know, enough people, a credible number of people would take it up and force the system to acknowledge. Thank you. Thanks a lot. There are other comments and questions, but I don't think we have the time. We are already at 5.40. We missed one.